Week 36 in Review – 2012

‘Elderwood’ Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies – threatpost.com
The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a seemingly inexhaustible supply of zero day vulnerabilities. The crew is using a variety of techniques to go after its targets, most notably compromising legitimate Web sites frequented by employees of the targeted organizations and then delivering exploits for one or more of their stockpiled zero-day bugs, researchers say.

The Elderwood Project – symantec.com
In 2009, we saw the start of high profile attacks by a group using the Hydraq (Aurora) Trojan horse. We’ve been monitoring the attacking group’s activities for the last three years as they’ve consistently targeted a number of industries.

The Elderwood Project (Infographic) – symantec.com
Symantec Security Response have published a research paper revealing details about a series of attacks perpetrated by a highly organized and well funded group using the “Elderwood” Attack Platform. This platform is a series of tools and infrastructure used by this group to perform attacks against targets in a speedy and efficient manner.

Penetration Testing for iPhone Applications – Part 3 – resources.infosecinstitute.com
In the first part of this article, we have discussed the iPhone application traffic analysis. The second part of the article covered the privacy issues and property list data storage. In this part, we will make an in-depth analysis of the keychain data storage.

On the (provable) security of TLS: Part 1 – blog.cryptographyengineering.com
If you sit a group of cryptographers down and ask them whether TLS is provably secure, you’re liable to get a whole variety of answers. Some will just giggle. Others will give a long explanation that hinges on the definitions of ‘prove’ and ‘secure’. What you will probably not get is a clear, straight answer.

Password cracking, part II: when does password cracking matter? – lightbluetouchpaper.org
Yesterday, I took a critical look at the difficulty of interpreting progress in password cracking. Today I’ll make a broader argument that even if we had good data to evaluate cracking efficiency, recent progress isn’t a major threat the vast majority of web passwords.

Completely In-Memory Mimikatz with Metasploit – room362.com
Executing WCE.exe in memory as demoed by Egypt here: https://community.rapid7.com/community/metasploit/blog/2012/05/08/eternal-sunshine-of-the-spotless-ram has two issues with it. 1, you leave a file on disk with your hashes and clear text passwords. That just won’t do. 2. There is this DLL called WCEAUX.dll that gets written for the briefest second to disk.

Skipfish-2.09b Update – code.google.com
Skipfish is a fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

UPDATE: NOWASP Mutillidae 2.3.5 – sourceforge.net
NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiast to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux,Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to administrate a webserver. It is already installed on SamuraiWTF and Rapid7Metasploitable-2. The existing version can be updated on either.

oclHashcat-plus v0.09 – hashcat.net
We are proud to present oclHashcat-plus v0.09! Lots of new features and algorithms have been added, and many bugs have been fixed.

Other News

Sniffing open WiFi networks is not wiretapping, judge says – arstechnica.com
A federal judge in Illinois has ruled that intercepting traffic on unencrypted WiFi networks is not wiretapping. The decision runs counter to a 2011 decision that suggested Google may have violated the law when its Street View cars intercepted fragments of traffic from open WiFi networks around the country.

WhatsApp is using IMEI numbers as passwords – samgranger.com
As you probably already heard in recent news, 1,000,001 Apple UDID’s were leaked. It’s unfortunate that so many apps use UDID’s to identify users since it’s extremely insecure.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.